Bug 236285
Summary: | alsactl getting an avc denial on resume | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Zack Cerza <zcerza> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Ben Levenson <benl> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rawhide | CC: | davidz, djuran, stransky |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Current | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2007-08-22 14:16:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 236916, 236918 | ||
Bug Blocks: |
Description
Zack Cerza
2007-04-12 20:35:28 UTC
Any idea what it is trying to write? No idea. This appears to only happen on resume (from RAM, haven't tried disk) These two might offer more information. avc: denied { create } for comm="alsactl" dev=sda3 egid=0 euid=0 exe="/sbin/alsactl" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="asound.state" pid=9780 scontext=system_u:system_r:hald_t:s0 sgid=0 subj=system_u:system_r:hald_t:s0 suid=0 tclass=file tcontext=system_u:object_r:etc_t:s0 tty=(none) uid=0 avc: denied { write } for comm="alsactl" dev=sda3 egid=0 euid=0 exe="/sbin/alsactl" exit=4096 fsgid=0 fsuid=0 gid=0 items=0 name="asound.state" path="/etc/asound.state" pid=9780 scontext=system_u:system_r:hald_t:s0 sgid=0 subj=system_u:system_r:hald_t:s0 suid=0 tclass=file tcontext=system_u:object_r:etc_t:s0 tty=(none) uid=0 It's right, /etc/asound.state is stored volume setting for soundcards and /sbin/alsactl has to read/write/create it. Any chance of getting this file into its own directory? /etc/asound/asound.state? Which apps read this file? This file should be at least ghosted by alsa-utils No problem, I can move asound.state to /etc/asound. It's read only by alsactl. So shall I move it there? Yes if you move it there, I will create a new context for this directory and allow hal to manipulate that directory. This way I don't have to allow hal to manipulate etc_t which includes /etc/passwd. Do you know which hal script(s) manipulates alsactl? alsactl is run by init scripts, modprobe.conf (the install section for each sound driver) and /sbin/salsa. So I'll create one utility for store/restore sound settings and this utility can be called by scripts, no matter where the configuration is actually stored. The "salsa" utility was updated in alsa-utils-1.0.14-0.5.rc2.fc7. We need to update initscripts (halt) and /etc/modprobe.conf with appropriate configuration. We can use: ----------- "/sbin/salsa -s" - saves volume settings for all sound cards "/sbin/salsa -s 1" - saves volume settings for the second sound card "/sbin/salsa -l" - loads/restores volume settings for all cards "/sbin/salsa -l 1" - loads/restores volume settings for the second sound card Bug 236916 was filed for initscripts. Bug 236918 was filed against kudzu (for /etc/modprobe.conf). Fixed in selinux-policy-2.6.4-5.fc7 Should be fixed in the current release |